Penetration Testing – NMAP Overview
Hello everyone, now let’s talk about nmap. Nmap stands for Network Mapper, and it’s one of the best open-source tools used for scanning the network. With the help of nmap we can scan open ports and the services running on them, including their version number. Nmap is also used for finding the operating system that is running on the remote host, and with the help of nmap we can perform various scans, including the service scan and the aggressive scan. With the help of the aggressive scan we can fetch much more detailed information, including our target’s operating system, the metadata, and some additional information like internal files.

Now let’s see how we can use nmap in order to perform various scans, and how we can find open ports and their version numbers using nmap. In order to use nmap we have to start our Kali Linux, and here you can see that right now I am inside my Kali Linux instance. To start nmap we first have to open the terminal, so let me open it up. To start nmap we just have to write nmap followed by the website name or the IP address, so let me just write it down here. OK, so once you write the website name you can also write a particular port, but let’s scan all the ports which are open on this website along with their services. Now let me hit enter, and here you can see that our nmap scan has started. That’s my nmap version; it’s a newer version because I’m using Kali Linux 2. It shows us the details of each port, its state, and its service. You can look here: on port 22 the state is open, and the service running on port 22 is SSH. Similarly you can see the HTTP service, Kerberos, HTTPS, a MySQL service and a few other services. So this was the basic usage of nmap.

Now, what if we want to scan the version number, or enumerate the version number of a particular service? Why is enumerating the version number important? As a penetration tester your main goal is to find the version number, because once you get the version number a penetration tester can use some tools or can search for the particular exploit that corresponds to that version number. That’s why scanning the version number is a must. There is one scan in nmap called the version scan, so let’s see how we can use it. We have to write nmap -s and a capital V, where the V is for the version number, followed by the website name. You can even write the IP address instead of the website name. Hit enter. These kinds of scans take a little bit of time. OK, let’s see the result: here is a port, then the next column is the state, then the service, and here you can see an additional column for the version. The output is the same, but here the service is SSH and you can just read its version, OpenSSH, then the HTTP version, then MySQL and Apache httpd. Now it’s giving us the additional information that this website is hosted on Mac; here you can see Mac OS. So this was all about the service scan. The best practice for a system administrator here is to hide the version number of the running services.

Now let’s talk about the aggressive scan in nmap. The aggressive scan is one of the most powerful scans in nmap, because it contains the features of the different scans, or you can say that the aggressive scan is a combination of different scans. With the aggressive scan one can find the services, version numbers, metadata, disallowed directories, and even the routing and the DNS server names, and some additional stuff. Now let’s see how we can use the aggressive scan in nmap. To use it we again have to write nmap -A (capital A) followed by the website name. The aggressive scan takes a little bit of time, so we have to be patient. OK, now the scan has completed; let’s analyze its result. First of all it has enumerated the SSH public host keys, then the PHP version on port 80 (HTTP), and here you can see additional information like the HTTP title (the website title) along with the SSL server details. If I scroll down you can see a lot of juicy details, along with the name server (domain name server), and it has also found the operating system on which this website is hosted: it’s hosted on Apple OS X. If I scroll down here you will find the traceroute details; here you can see the traceroute. So this scan can perform the best information gathering for our target. This was all about nmap and the basic usage of nmap. Thanks for watching this video …
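The video reads the VERSION column of the -sV output by eye and notes that an administrator should hide those banners. The script below is an added example, not code from the video or from the nmap project: it takes text shaped like nmap -sV output (a constructed sample is embedded, not real scan data) and lists the open ports whose VERSION column is filled in, which is exactly the list of banners the administrator has to go and suppress. The host name example.invalid and all port and version values are made up.

```shell
#!/bin/sh
# Added example (not from the video): parse text shaped like `nmap -sV`
# output and report which open ports leak a version banner.

# Constructed sample in the shape of nmap -sV output. Host, ports and
# versions are invented for the example; this is not a real scan.
SAMPLE_SV='Nmap scan report for example.invalid
PORT     STATE  SERVICE      VERSION
22/tcp   open   ssh          OpenSSH 6.2 (protocol 2.0)
80/tcp   open   http         Apache httpd 2.2.26
88/tcp   open   kerberos-sec
443/tcp  open   ssl/http     Apache httpd 2.2.26
3306/tcp open   mysql        MySQL 5.5.34
8080/tcp closed http-proxy
Service Info: OS: Mac OS X'

# Read scan text on stdin; print "port service version" for every open
# port whose VERSION column is non-empty (the banners worth suppressing).
exposed_versions() {
    awk '
        # Port lines look like "<number>/<proto>"; skip headers and footers.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && NF > 3 {
            port = $1; svc = $3
            # Drop the first three columns so $0 holds only the version text.
            $1 = $2 = $3 = ""; sub(/^ +/, "")
            print port, svc, $0
        }'
}

# Read scan text on stdin; print "port service" for open ports that
# revealed no version at all (nothing left to hide there).
hidden_versions() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && NF == 3 { print $1, $3 }'
}

# Number of open ports that carry a version string.
count_exposed() {
    exposed_versions | wc -l | tr -d ' '
}

# Stand-alone usage: run the report over the constructed sample.
printf '%s\n' "$SAMPLE_SV" | exposed_versions
echo "ports exposing a version: $(printf '%s\n' "$SAMPLE_SV" | count_exposed)"
```

In real use you would pipe `nmap -sV <host> ` output (or a saved normal-output file) into `exposed_versions` and treat each printed line as a configuration item to fix, for example by turning off server tokens on the web server or disabling the version string in the SSH and database configurations, then re-scan and confirm the list shrinks.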
We acknowledge that this video belongs to the author and thank them for its use.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
As found on Youtube